scope:

This document is targeted for use by Small to Medium size Enterprises (SMEs) in the European Union. It defines a set of voluntary good practices for Operational Protection Measures and appropriate use of Privacy Enhancing Technologies to help businesses and data managers comply with Directive 95/46/EC. They are intended to generally apply across all Member States, but may need to be supplemented by country specific advice. Clause 1-5 provide information to help you understand what is personal data, conditions for its processing, guidance for notification and understanding of the National Data Protection and Privacy Supervisory roles and enforcemant powers. The remaining clauses provide good operational and technological practices to help comply with the Directive. As individuals and organizations, we are responsible for safeguarding privacy and managing information risks for whose whose personal data we are entrusted with.